﻿using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
namespace AirCondition.Data
{
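    /// <summary>
    /// Helpers for building parameterised <see cref="SqlCommand"/> arguments so that
    /// caller-supplied values travel as <see cref="SqlParameter"/> values instead of
    /// being concatenated into the SQL text.
    /// Only the values are protected by parameterisation: the names in
    /// <c>inputParams</c> end up in the command text (as "@name"), so they must come
    /// from trusted code, never from user input.
    /// </summary>
    public class AntiSQLAttack
    {
        /// <summary>
        /// Builds one <see cref="SqlParameter"/> per name, pairing <c>inputParams[i]</c>
        /// (prefixed with "@" by <see cref="FormatString"/>) with <c>value[i]</c>.
        /// </summary>
        /// <param name="inputParams">Parameter names without the leading "@"; must be trusted identifiers.</param>
        /// <param name="value">Values in the same order as <paramref name="inputParams"/>; a <c>null</c> entry is sent as <see cref="DBNull.Value"/>.</param>
        /// <returns>An array of parameters with the same length as <paramref name="inputParams"/>.</returns>
        /// <exception cref="ArgumentNullException">Either array is <c>null</c>.</exception>
        /// <exception cref="ArgumentException">The two arrays differ in length.</exception>
        public static SqlParameter[] GetFormatSQLCommand(string[] inputParams, string[] value)
        {
            if (inputParams == null)
            {
                throw new ArgumentNullException("inputParams");
            }
            if (value == null)
            {
                throw new ArgumentNullException("value");
            }
            // A length mismatch used to either throw IndexOutOfRangeException (too few
            // values) or silently drop the surplus (too many); both hide a caller bug,
            // and a silent drop can shift values onto the wrong parameter.
            if (inputParams.Length != value.Length)
            {
                throw new ArgumentException("inputParams and value must have the same length.", "value");
            }

            string[] formatParams = FormatStrings(inputParams);
            SqlParameter[] paras = new SqlParameter[formatParams.Length];
            for (int i = 0; i < paras.Length; i++)
            {
                // SqlParameter.Value == null means "not supplied", which makes
                // SqlCommand fail at execution time; DBNull.Value is SQL NULL.
                object paramValue = value[i];
                paras[i] = new SqlParameter(formatParams[i], paramValue ?? DBNull.Value);
            }
            return paras;
        }

        /// <summary>
        /// Turns a column/parameter name into a SQL Server parameter name by trimming
        /// whitespace and prefixing "@". No other sanitising is done and an existing
        /// "@" is not detected, so pass bare, trusted names only.
        /// </summary>
        /// <param name="param">Parameter name without the leading "@".</param>
        /// <returns>The trimmed name prefixed with "@".</returns>
        /// <exception cref="ArgumentNullException"><paramref name="param"/> is <c>null</c>.</exception>
        public static string FormatString(string param)
        {
            if (param == null)
            {
                throw new ArgumentNullException("param");
            }
            return "@" + param.Trim();
        }

        /// <summary>
        /// Applies <see cref="FormatString"/> to every element of <paramref name="args"/>.
        /// </summary>
        /// <param name="args">Parameter names without the leading "@".</param>
        /// <returns>A new array, same length and order, with each name prefixed with "@".</returns>
        /// <exception cref="ArgumentNullException"><paramref name="args"/> is <c>null</c>.</exception>
        public static string[] FormatStrings(string[] args)
        {
            if (args == null)
            {
                throw new ArgumentNullException("args");
            }
            string[] format = new string[args.Length];
            for (int i = 0; i < args.Length; i++)
            {
                format[i] = FormatString(args[i]);
            }
            return format;
        }
    }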
}
